Monday, July 20, 2015
In 2014, the Court of Justice of the European Union famously held that “[i]ndividuals have the right - under certain conditions - to ask search engines to remove links with personal information about them. This applies where “the information is inaccurate, inadequate, irrelevant or excessive” for the purpose of otherwise legitimate data collection. “A case-by-case assessment is needed considering the type of information in question, its sensitivity for the individual’s private life and the interest of the public in having access to that information.”
A few days ago, infamous adultery-enabling website Ashley Madison and “sister” site (no pun intended) EstablishedMen.com, which “connects ambitious and attractive young women with successful and generous benefactors to fulfill their lifestyle needs,” was hacked into by “The Impact Team,” a group of apparently offended hackers who threatened to release “all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails” unless the owner of the sites, Avid Life Media, removes the controversial websites from the Internet permanently.
Notwithstanding legal issues regarding, perhaps, prostitution, do customers have a right to be forgotten? Not in general in the USA so far. Even if a provision similar to the EU law applied here, it would only govern search engines. Ashley Madison had, however, contractually promised its paying users a “full delete” in return for a fee of $19. The problem? Apparently that the site(s) still kept purchase details with names. Further, of course, that the company promised and still promises “100% discreet service.” Both seemingly clear contractual promises.
Although the above example may, for perhaps good reason, simply cause you to think that the so-called “clients” above have only gotten what they asked for, the underlying bigger issues remain: why in the world, after first Target, then HomeDepot and others, can companies not find out how to securely protect their customers’ data “100%”? And why should we, in the United States, not have a general right to be deleted not only from companies’ records, but from search engines, if we want to? I admittedly live a very boring life. I don’t have anything to hide. But if I once in a blue moon sign up for something as simple as Meetup.com to go hiking with others, my name and/or image is almost certain to appear within a few days online. I find that annoying. I don’t want my students, for example, to know where I occasionally may meet friends for happy hour. But unless I invest relatively large amount of time in figuring out how to use and not use new technology (which I see that I have to, given the popularity of LinkedIn and the like), I may end up online anyway. That’s not what I signed up for.
As for Ashley Madison, the company has apparently been adding users so rapidly that it has been considering an initial public offering. You can truly get everything on the Internet these days, perhaps apart from data security.